<?php

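ob_start('ob_gzhandler');

// Keep the session cookie out of reach of page scripts.
ini_set('session.cookie_httponly', '1');
session_start();

include("./includes/settings.inc");
require("./includes/detections.inc");

// Login gate: every action except the ones listed here needs an authenticated
// session.
//
// The previous test was written as  $x ==! "login",  which PHP parses as
// $x == (!"login"), i.e. $x == false. The gate therefore only fired when no
// action was posted at all, and addcomment / editcomment / delcomment were
// reachable without a session.
//
// NOTE(review): pollvote and ressubmit are now gated as well, which is what
// the original condition reads as intending. If they are meant to work for
// anonymous visitors, add them to $publicActions explicitly - confirm before
// deploying, since rejected requests are passed to ban().
//
// NOTE(review): none of the state-changing actions in this file checks an
// anti-CSRF token; a per-session token verified here would cover all of them.
$publicActions = array("login");

$requestedAction = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : "";
$hasSession = isset($_SESSION["login"]) && $_SESSION["login"] === "true";

if (!in_array($requestedAction, $publicActions, true) && !$hasSession) {
    include_once("./includes/banfunction.inc");
    ban("Unknown user", "Hacking attempt: User tried to bypass the login security system.\n");
    // Whether ban() ends the request is not visible from this file, so stop
    // here rather than fall through into the action handlers.
    exit;
}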

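/**
 * Convert raw comment text into the restricted HTML stored in enlight_comments.
 *
 * The text is HTML-escaped first, so the only markup in the result is what
 * this function generates for [b], [i], [u] and [url] tags. Links are handled
 * before the span tags so that a URL can never contain generated markup.
 *
 * @param mixed $raw Posted comment body; anything but a string becomes "".
 * @return string HTML fragment.
 */
function enlight_format_comment($raw)
{
    $text = is_string($raw) ? $raw : "";
    $text = nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));

    // After escaping, the quotes of [url="..."] appear as &quot;.
    $text = preg_replace_callback('~\[url\](.*?)\[/url\]~i', 'enlight_comment_link', $text);
    $text = preg_replace_callback('~\[url=&quot;(.*?)&quot;\](.*?)\[/url\]~i', 'enlight_comment_link', $text);

    // The [i] pattern used to close on [/b], so italics never matched.
    $tags = array('~\[b\](.*?)\[/b\]~is', '~\[i\](.*?)\[/i\]~is', '~\[u\](.*?)\[/u\]~is');
    $spans = array(
        "<span class=\"bold\">\\1</span>",
        "<span class=\"italic\">\\1</span>",
        "<span class=\"underline\">\\1</span>"
    );

    return preg_replace($tags, $spans, $text);
}

/**
 * preg_replace_callback handler for the two [url] forms.
 *
 * Only absolute http/https URLs become links; anything else (script or data
 * schemes, URLs containing brackets or whitespace) is reduced to its label.
 *
 * @param array $match Regex groups: [1] is the URL, [2] the label if given.
 * @return string Anchor element, or the bare label when the URL is rejected.
 */
function enlight_comment_link($match)
{
    $href = $match[1];
    $label = isset($match[2]) ? $match[2] : $match[1];

    if (!preg_match('~^https?://[^\s<>\[\]]+\z~i', $href)) {
        return $label;
    }

    return "<a href=\"" . $href . "\">" . $label . "</a>";
}

/**
 * Print the popup page shown after a comment has been stored.
 *
 * @param string $heading  Text for the <h2> element.
 * @param string $language Value for xml:lang.
 */
function enlight_comment_confirmation($heading, $language)
{
    // The origin of $language is not visible in this file, so it is escaped
    // before it is placed in the attribute.
    $language = htmlspecialchars((string) $language, ENT_QUOTES, 'UTF-8');

    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<?xml-stylesheet type=\"text/css\" href=\"./CSS/comment-popup.css\"?>\n";
    echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\" \"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd\">\n";
    echo "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"$language\">\n";
    echo "<head>\n";
    echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"./CSS/comment-popup.css\" />\n";
    echo "<script language=\"JavaScript\" src=\"./JS/comment.js\" type=\"text/javascript\"></script>\n";
    echo "</head>\n";
    echo "<body onload=\"refreshparent();\">\n";
    echo "<h2>$heading</h2>\n";
    echo "</body>\n";
    echo "</html>\n";
}

// --- addcomment: store a new comment for the item given in forid ------------
if (isset($_POST['action']) && $_POST['action'] === "addcomment") {

    // Comments are written under $_SESSION['uname'], so a session is required
    // here regardless of what the gate at the top of the file decided.
    if (!isset($_SESSION['login']) || $_SESSION['login'] !== "true") {
        include_once("./includes/banfunction.inc");
        ban("Unknown user", "Hacking attempt: User tried to bypass the login security system.\n");
        exit;
    }

    if (empty($_POST['forid']) || !is_string($_POST['forid'])) {
        include_once("./includes/banfunction.inc");
        ban($_SESSION['uname'], "No id given to submit.php at add-action. This could be a hacking attempt, or an error.\n Please notify user if appropriate!");
        // Do not insert a comment that belongs to nothing.
        exit;
    }

    $message = enlight_format_comment(isset($_POST['message']) ? $_POST['message'] : "");
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : "";

    // Every value is escaped for the SQL string context. The title is stored
    // as typed, so whatever prints it must HTML-escape it.
    // NOTE(review): the mysql_* extension was removed in PHP 7; moving to
    // mysqli/PDO prepared statements needs the connection code, which is not
    // in this file.
    mysql_query(sprintf(
        "INSERT INTO enlight_comments VALUES (NULL, '%s', NOW(), '%s', '%s', '%s')",
        mysql_real_escape_string($_POST['forid']),
        mysql_real_escape_string($_SESSION['uname']),
        mysql_real_escape_string($title),
        mysql_real_escape_string($message)
    ));

    compatdetect();

    enlight_comment_confirmation("Reactie toegevoegd!", isset($language) ? $language : "");
}

// --- editcomment: replace title and body of an existing comment -------------
if (isset($_POST['action']) && $_POST['action'] === "editcomment") {

    if (!isset($_SESSION['login']) || $_SESSION['login'] !== "true") {
        include_once("./includes/banfunction.inc");
        ban("Unknown user", "Hacking attempt: User tried to bypass the login security system.\n");
        exit;
    }

    // The comment id is the table's auto-increment key, so only a positive
    // integer is accepted.
    $rawId = isset($_POST['id']) ? $_POST['id'] : "";
    if (!is_string($rawId) || !preg_match('/^[1-9][0-9]*\z/', $rawId)) {
        include_once("./includes/banfunction.inc");
        ban($_SESSION['uname'], "No id given to submit.php at edit-action. This could be a hacking attempt, or an error.\n Please notify user if appropriate!");
        exit;
    }
    $commentId = (int) $rawId;

    $message = enlight_format_comment(isset($_POST['message']) ? $_POST['message'] : "");
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : "";

    // NOTE(review): the row is selected by id alone, so any logged-in user can
    // rewrite any comment. The author column's name is not visible here; add
    // an "AND <author column> = current user" condition (or a rank check on
    // $_SESSION['rank']) once it is confirmed.
    // The old statement also had a stray "]" after the id.
    mysql_query(sprintf(
        "UPDATE enlight_comments SET datetime=NOW(), title='%s', message='%s' WHERE id=%d",
        mysql_real_escape_string($title),
        mysql_real_escape_string($message),
        $commentId
    ));

    compatdetect();

    enlight_comment_confirmation("Reactie aangepast!", isset($language) ? $language : "");
}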

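// --- delcomment: remove one comment by id ------------------------------------
if (isset($_POST['action']) && $_POST['action'] === "delcomment") {

    // Deleting is only meaningful for an authenticated user; checked here as
    // well so this handler does not depend on the gate at the top of the file.
    if (!isset($_SESSION['login']) || $_SESSION['login'] !== "true") {
        include_once("./includes/banfunction.inc");
        ban("Unknown user", "Hacking attempt: User tried to bypass the login security system.\n");
        exit;
    }

    // The id is the table's auto-increment key: accept a positive integer only
    // and put it into the statement as a number, never as posted text.
    $rawId = isset($_POST['id']) ? $_POST['id'] : "";
    if (!is_string($rawId) || !preg_match('/^[1-9][0-9]*\z/', $rawId)) {
        include_once("./includes/banfunction.inc");
        ban($_SESSION['uname'], "No id given to submit.php at delete-action. This could be a hacking attempt, or an error.\n Please notify user if appropriate!");
        // Stop: no DELETE without a usable id.
        exit;
    }
    $commentId = (int) $rawId;

    // NOTE(review): nothing ties the comment to the current user, so any
    // logged-in user can delete any comment. Add an owner or rank condition
    // once the author column's name is confirmed.
    mysql_query("LOCK TABLES enlight_comments WRITE");
    mysql_query("DELETE FROM enlight_comments WHERE id=" . $commentId);
    // NOTE(review): kept as found. ALTER TABLE ... AUTO_INCREMENT normally
    // takes a literal, so this statement probably fails; if it did work it
    // would hand a deleted comment's id to a later comment - confirm whether
    // it should simply be dropped.
    mysql_query("ALTER TABLE enlight_comments AUTO_INCREMENT=LAST_INSERT_ID()");
    mysql_query("UNLOCK TABLES");
}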

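// --- login: check the posted credentials and open a session -----------------
if (isset($_POST['action']) && $_POST['action'] === "login") {
    $givenName = (isset($_POST['uname']) && is_string($_POST['uname'])) ? $_POST['uname'] : "";
    $givenPass = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : "";

    // The name is escaped for the SQL string context.
    // NOTE(review): mysql_* was removed in PHP 7; a prepared statement via
    // mysqli/PDO needs the connection code, which is not in this file.
    $res = mysql_query("SELECT * FROM enlight_users WHERE uname='" . mysql_real_escape_string($givenName) . "'");
    $row = $res ? mysql_fetch_row($res) : false;

    // Column order as the code has always read it: [0] name, [1] password,
    // [2] rank.
    //
    // The old loose comparisons let an empty name with an empty password log
    // in: with no matching row, $row[0] and $row[1] were null and
    // null == "" is true. A real row and strict string equality are required
    // now.
    if (is_array($row) && $givenName !== "" && (string) $row[0] === $givenName) {
        $storedPass = (string) $row[1];

        // NOTE(review): the stored value is compared to the posted password
        // as-is, so passwords appear to be kept in clear text. Migrate the
        // column to password_hash() / password_verify().
        if (function_exists('hash_equals')) {
            $passwordOk = ($givenPass !== "") && hash_equals($storedPass, $givenPass);
        } else {
            $passwordOk = ($givenPass !== "") && ($storedPass === $givenPass);
        }

        if ($passwordOk) {
            // New session id on privilege change, so an id planted before
            // login is worthless afterwards.
            session_regenerate_id(true);

            $_SESSION['login'] = "true";
            // Keep the name as stored in the database, not as posted.
            $_SESSION['uname'] = $row[0];
            $_SESSION['rank'] = "$row[2]";
            $_SESSION['logincount'] = 0;

            echo "Ingelogd als " . htmlspecialchars($_SESSION['uname'], ENT_QUOTES, 'UTF-8');
        } else {
            $_SESSION['logincount'] = (isset($_SESSION['logincount']) ? (int) $_SESSION['logincount'] : 0) + 1;

            // ">=" instead of "== 3": the counter keeps counting if ban()
            // returns, and the fourth and later failures must not pass
            // unnoticed.
            // NOTE(review): the counter lives in the session, so it resets
            // whenever the client discards its cookie; a server-side counter
            // per account or address would be needed for a real lockout.
            if ($_SESSION['logincount'] >= 3) {
                include_once("./includes/banfunction.inc");
                // Line breaks are removed from the posted name before it goes
                // into the report; where ban() writes it is not visible here.
                $reportedName = preg_replace('/[\r\n]+/', ' ', $givenName);
                ban("Unknown user", "User logged in 3 times with wrong user/pass combination, this is seen as a hacking-attempt.\n User tried to hack into account $reportedName.\n");
            }

            echo "Onjuist wachtwoord.";
        }
    } else {
        // NOTE(review): a different message for "unknown user" and "wrong
        // password" tells a caller which account names exist; consider one
        // shared message for both.
        echo "Gebruiker bestaat niet.";
    }
}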

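// --- pollvote: add one vote to the chosen option -----------------------------
if (isset($_POST['action']) && $_POST['action'] === "pollvote") {
    $option = isset($_POST['polloption']) ? $_POST['polloption'] : "";
    $pollId = (isset($_POST['pollid']) && is_string($_POST['pollid'])) ? $_POST['pollid'] : "";

    // The option number becomes part of a column name, where quoting and
    // escaping do not help; only a short run of digits is let through.
    if (is_string($option) && preg_match('/^[0-9]{1,3}\z/', $option)) {
        $column = "opt" . $option;

        // NOTE(review): "WHERE 1" updates every row of the results table and
        // pollid is not part of the statement - confirm the table holds a
        // single poll, otherwise a vote counts for all of them.
        mysql_query("UPDATE enlight_polls_results SET $column=$column +1 WHERE 1");
        header("HTTP/1.1 200 OK");
        // NOTE(review): nothing in this handler reads the cookie back, and a
        // cookie is under the voter's control, so it cannot prevent repeated
        // votes on its own.
        setcookie("votedid", $pollId, time()+2419200);

        echo "Stem uitgebracht!";
    } else {
        // Malformed option: record nothing.
        header("HTTP/1.1 400 Bad Request");
    }
}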

// --- ressubmit: remember the resolution reported by the client --------------
// NOTE(review): the posted value is stored unchanged; whatever reads
// $_SESSION['resolution'] later has to treat it as untrusted input.
$isResolutionReport = ($_POST['action'] == "ressubmit");

if ($isResolutionReport) {
    $_SESSION['resolution'] = $_POST['res'];
}

// Release the database connection used by the handlers above.
mysql_close();
?>